Systems and methods for synchronizing between a source database cluster and a destination database cluster

ABSTRACT

In some embodiments, a database cluster to cluster synchronization system may include multiple replicators coupled to a source database cluster and a destination database cluster, where the source and destination cluster may be shard clusters. Each of the multiple replicators may correspond to a respective subset of the source database cluster and configured to monitor changes of data on the respective subset of the source database cluster and translate the changes of data to one or more database operations to be performed on the destination cluster. The changes of data on the source database may be contained in respective change streams associated with each of the replicators.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application claims priority under 35 U.S.C. § 119(e) to U.S.Provisional Application Ser. No. 63/349,336, entitled “SYSTEMS ANDMETHODS FOR SYNCHRONIZING BETWEEN A SOURCE DATABASE CLUSTER AND ADESTINATION DATABASE CLUSTER”, filed Jun. 6, 2022. This applicationclaims priority under 35 U.S.C. § 119(e) to U.S. Provisional ApplicationSer. No. 63/349,392, entitled “SYSTEMS AND METHOD FOR MANAGING ADISTRIBUTED DATABASE”, filed Jun. 6, 2022, each of which is herebyincorporated by reference in their entirety.

BACKGROUND

In a distributed system, database cluster to database clustersynchronization refers to data movement across two different clusters(e.g., at least a source and destination cluster), such as two clustersmanaged by different vendors, or two clusters located at differentgeographical regions. Replication is known in replicating data within asame database (e.g., a cluster). For example, in a distributed databasehaving primary nodes and multiple secondary nodes, data on the primarynodes may be replicated to one or more secondary nodes associated withthe primary nodes.

SUMMARY

According to some aspects, it is realized that when various existingreplication techniques are deployed in cluster to clustersynchronization, the results can be unexpected, random, and/or failentirely. Various aspects and embodiments discussed below resolve thedeficiencies of various known approaches. Further, the technologiesdescribed facilitate numerous applications where data movement betweenclusters is desired.

For example, to aid software development, a database may include twoclusters that are setup respectively for development and production,where data in the software development cluster may need to be moved tothe production cluster, or vice versa. In another application in theaudit and compliance industry, data may be provided to anotherorganization or another company on the team via synchronizing clustersof differing capability or architecture. For example, a separate clustermay be setup for the organization being audited, and data may bereplicated to the separate clusters for auditing purposes. In anotherexample application in analytics, there can be operational clustersconfigured for day-to-day operation of a business and a separatededicated cluster dedicated for analytics. In other applications, anenterprise exploring a new database system may need to migrate data onits old database system to a new trial database system, with the optionof reversing the migration or synchronizing data between the old and newdatabase systems once the data is migrated from the old system to thenew system.

Accordingly, the inventors have developed improved systems and methodsfor cluster to cluster synchronization. A cluster may be a replica setor a sharded cluster, and it may have multiple datasets in differentcollections and databases internally. In example deployments, a sourcecluster and a destination cluster may be managed by different vendors,or may be located at different geographical regions. In someembodiments, a cluster to cluster synchronization system may include aplurality of replicators coupled to a source database cluster and adestination database cluster. Each of the plurality of replicators maybe responsible for a respective subset of data in the source databasecluster, and the plurality of replicators may be executed at leastpartially in parallel.

In some embodiments, the source database cluster and the destinationdatabase cluster may each be organized as shards. A shard references aportion of data within a distributed database. Each cluster can comprisemultiple shards, and shards can be hosted on one or more servers orshard servers can host multiple shards of data. Data on respectiveshards or collections of shards can be associated with replicators. Forexample, all shards may be associated with a single replicator. Inanother example, each source shard may have a dedicated replicator. Theplurality of replicators may be configured to build indexes of data onthe destination database cluster stored in respective shards whilereplicating the data from the source database cluster to the destinationdatabase cluster. In a non-limiting example, all of the replicators areconfigured to replicate the same indexes as those on the source cluster.In some examples, the replicators may maintain the shard structures fromsource to destination.

According to some embodiments, the system may scan the indexesconstructed on the destination database cluster and check forinconsistencies, such as violations of index uniqueness. Varioussituations can result in inconsistency. For example, a replicator maybreak down during an replication operation (e.g., unclean cutover) andresult in index inconsistency. Multiple replicators being executed inparallel may result in out-of-order replication and thus, indexinconsistency. Accordingly, the system may relax index constraints whileallowing the synchronization process to proceed and reinforce theconstraints later. For example, the system may allow index violationstemporarily by replicating unique indexes as non-unique and convertingthem back to unique indexes at a later time (e.g., at commit time).

According to some embodiments, in some scenarios, e.g., in disasterrecovery, the system may check inconsistency with a validation logic.For example, the system may determine that the index uniqueness isviolated, which may be caused by a replicator having broken down (e.g.,due to unclean cutover). In response to determining that a violation ofindexes exists, the system may report the violation to the user. In someembodiments, the system may provide a tool (e.g., a graphical userinterface, an API or system call) to allow the user to correct theviolation. For example, a user may issue a system command to manuallycorrect the indexes. In further examples, the system can include userinterface prompts to identify inconsistent states, and/orrecommendations for manual correction.

In some embodiments, each of the plurality of replicators may beconfigured to, independently and at least partially in parallel, performdata replication based on respective change streams. A change stream mayinclude any suitable data structure which includes informationindicative of data changes on a subset of a cluster (e.g., the sourcecluster) with which the change stream is associated. The change streammay continuously update as the change of data occurs on the subset ofthe cluster and can be used by a respective replicator of the pluralityof replicators. For example, a first replicator of the plurality ofreplicators may be configured to monitor a first change stream whichincludes data indicative of a change of data in the subset of the sourcedatabase cluster associated with the first replicator. A secondreplicator of the plurality of replicators may be configured to monitora second change stream which includes data indicative of a change ofdata in the subset of the source database cluster associated with thesecond replicator. Each of the first and second replicators maytranslate the change of data on respective change streams to one or moredatabase operations (e.g., Create Read Update Delete (CRUD) operations)to be performed to the destination cluster.

In some embodiments, in the case of shard clusters for the source anddestination clusters, the change streams associated with the pluralityof replicators may be partitioned. For example, the first change streamassociated with the first replicator may correspond to a first subset ofshards in the source database cluster and provide a stream of datachanges that have been performed on first subset of shards (e.g.,database data), whereas the second change stream associated with thesecond replicator may correspond to a second subset of shards in thesource database cluster and provide a stream of data changes that havebeen performed on the second subset of shards (e.g., database data),where the second subset of shards is different from the first subset ofshards.

In some embodiments, the system may suspend and resume replication fromwhere the suspended operation left off. In a non-limiting example, thesystem may include a respective resume data structure associated witheach of the replicators. Each replicator may update the data in theassociated resume data structure as the replicator performs operations.The resume data structure may be persisted to the destination clusterand may include recovery state for the associated replicator and otherinformation, such as a source to destination mapping. In a non-limitingexample, when cluster to cluster synchronization is suspended, therecovery state for each of the replicators is stored in the respectivedata structure. When cluster to cluster synchronization is resumed, eachof the paused replicators will identify the correct direction ofreplication using the mapping data in the resume data structure, andcontinue running from the state it was in.

In some embodiments, the system may perform initial synchronizationbetween the source cluster and the destination cluster. For example, theinitial synchronization may be one-time replication of data from thesource cluster to the destination cluster, which will reach eventualconsistency and result in the data in the destination cluster to beidentical to the data in the source cluster. In some embodiments, onceinitial synchronization is completed, the cluster to clustersynchronization may include continuous synchronization between thesource cluster and the destination cluster. For example, the system mayfurther cause the plurality of replicators to continue replicating datafrom the source database cluster to the destination database clusterbased on subsequent data change(s) on the source database cluster. Asdescribed above, the plurality of replicators may perform similarreplication operations based on the respective change streams, whichcontain subsequent data changes on the source cluster.

In some embodiments, once initial synchronization is completed, or atany other time thereafter when the data on the source cluster anddestination cluster are identical (e.g., when replication for eachreplicator is committed or the synchronization is cutover), the clusterto cluster synchronization may be reversed, to allow data on thedestination cluster (or any writes to the destination cluster) to besynchronized to the source cluster. In reverse replication, theplurality of replicators may perform similar replication operations asdescribed above, with a difference being that the change streams mayinclude data indicative of changes of data on the destination cluster(new source cluster). Whereas conventionally replication in this settingis unidirectional source to destination, permitting reverse replicationenables data changes on the destination cluster (new source cluster) tobe replicated on the source cluster (new destination), as not found inmany conventional approaches.

In chunk migration, when documents are moved from one shard to another,a replicator may filter out unowned document (orphan document). Forexample, a cluster-wide point in time may be defined in the chunkmigration protocol to represent when the migration is committed. Then,write and change streams are able to filter out orphan documents.

In some embodiments, the change streams may be partitioned inassociation with one or more shards. For example, change streams maysupport a $_passthroughToShard parameter that accepts a shard ID. Thus,for a given shard, the system may return change stream(s) for the givenshard. This saves computing resources in that no other shards need to becommunicated.

In some embodiments, a filtered replication may be provide in that asubset of data in the source can be replicated to the destination. Forexample, the system allows users to configure which collections theywould like to synchronize and then the replicators will exclusively readthose collections. Change streams will be filtered to only those eventsrelevant to the filtered collections. If any new collections are createdthat match the filter, those will be replicated normally. In the eventthat a collection is named from out of the filter to being in thefilter, the system may provide a provision to replicate the renamedcollection. In some embodiments, if a transaction is partially in thefilter and partially out of the filter, likely only the part in thefilter will be included.

The various embodiments described in the present disclosure providecluster to cluster synchronization systems and methods for datasynchronization between source and destination clusters, where thesource and destination clusters may be shard database clusters. Asdescribed above, these various embodiments are advantageous overexisting database replication techniques by using parallel replicatorsto synchronize data between large scale shard clusters in an efficientmanner. Further, various embodiments allow cluster to clustersynchronization to work in different states, which facilitates variousapplications as described in the present disclosure.

Still other aspects, embodiments, and advantages of these exemplaryaspects and embodiments, are discussed in detail below. Moreover, it isto be understood that both the foregoing information and the followingdetailed description are merely illustrative examples of various aspectsand embodiments, and are intended to provide an overview or frameworkfor understanding the nature and character of the claimed aspects andembodiments. Any embodiment disclosed herein may be combined with anyother embodiment in any manner consistent with at least one of theobjectives, aims, and needs disclosed herein, and references to “anembodiment,” “some embodiments,” “an alternate embodiment,” “variousembodiments,” “one embodiment” or the like are not necessarily mutuallyexclusive and are intended to indicate that a particular feature,structure, or characteristic described in connection with the embodimentmay be included in at least one embodiment. The appearances of suchterms herein are not necessarily all referring to the same embodiment.Various aspects, embodiments, and implementations discussed herein mayinclude means for performing any of the recited features or functions.

BRIEF DESCRIPTION OF THE DRAWINGS

Various aspects of at least one example are discussed below withreference to the accompanying figures, which are not intended to bedrawn to scale. The figures are included to provide an illustration anda further understanding of the various aspects and examples, and areincorporated in and constitute a part of this specification, but are notintended as a definition of the limits of a particular example. Thedrawings, together with the remainder of the specification, serve toexplain principles and operations of the described and claimed aspectsand examples. In the figures, each identical or nearly identicalcomponent that is illustrated in various figures is represented by alike numeral. For purposes of clarity, not every component may belabeled in every figure. In the figures:

FIG. 1 is block diagram of an example cluster to cluster synchronizationsystem, according to one embodiment;

FIG. 2 is an example block diagram of a special purpose computer systemthat can be configured to execute the functions discussed herein;

FIG. 3 illustrates a lower bound of a CEA window for an exemplaryscenario of an exemplary embodiment;

FIG. 4 illustrates an upper bound of a CEA window for an exemplaryscenario of an exemplary embodiment;

FIG. 5 illustrates a modification of a lower bound and an upper bound ofa CEA window for an exemplary scenario of an exemplary embodiment;

FIG. 6 illustrates an exemplary scenario in which one Mongosync finishesits CEA cycle before other Mongosyncs in an exemplary embodiment;

FIG. 7 illustrates an exemplary scenario in which one Mongosync starts acycle after other Mongosyncs in an exemplary embodiment;

FIG. 8 illustrates an exemplary scenario for the copying of partitionsin a collection copy phase of an exemplary embodiment;

FIG. 9 illustrates timestamps of exemplary resume tokens for anexemplary scenario of an exemplary embodiment;

FIG. 10 is a graph of the status of the destination data as a functionof the time stamps of the CEAs for an exemplary scenario of an exemplaryembodiment;

FIG. 11 is a graph of the status of the destination data as a functionof the times stamps of the CEAs for another exemplary scenario ofanother exemplary embodiment;

FIG. 12 shows an exemplary scenario of Mongosyncs copying partitionsduring a collection copy phase for an exemplary embodiment;

FIG. 13 illustrates an exemplary scenario showing the finish times for aset of partitions for an exemplary embodiment;

FIG. 14 illustrates a set of possible cases for when a change event mayoccur in an exemplary scenario of an exemplary embodiment;

FIG. 15 shows a block diagram of a distributed database system in whichvarious embodiments may be implemented;

FIG. 16 illustrates a block diagram of an example replica set hosting adistributed database, according to some embodiments; and

FIG. 17 illustrates a block diagram of another example distributeddatabase system, according to some embodiments.

FIG. 18 is a flow diagram of an exemplary embodiment of a method 1800 toreplicate data from a source database cluster to a destination databasecluster with a plurality of replicators.

FIG. 19 is a flow diagram of an exemplary embodiment of a method toreplicate data from a source database cluster to a destination databasecluster with a plurality of replicators.

DETAILED DESCRIPTION

Stated broadly, various terms in the cluster to cluster synchronizationcontext described in the present disclosure may be interchangeable asappreciated by a person of ordinary skill in the art. For example,synchronization, replication, replicator, Mongosync as used in thecontext of cluster to cluster synchronization throughout the presentdisclosure may be interchangeable. Further, cluster and database clustermay also be interchangeable.

The inventors have acknowledged and appreciated that existing databasereplication technologies, such as those deployed in replicating datawithin a database, may not be readily suitable for deployingapplications such as those described above. For example, a cluster tocluster synchronization may require initial data replication from thesource cluster to the destination cluster in an efficient manner due tothe size of the cluster and the amount of data that need to bereplicated from the source cluster to the destination cluster. Further,while the data is being replicated from the source cluster to thedestination cluster, new changes to the data on the source cluster alsohappen (e.g., user writes new data to the source cluster). Thus, it is atechnical challenge to keep up with the high scale data changes on thesource while maintaining consistency on the destination.

In another scenario, once the initial replication is completed, clusterto cluster synchronization between the source cluster and thedestination cluster may be needed to synchronize any new changes to thedata on the source cluster to the destination cluster on a continuousbasis. This capability may be useful for disaster recovery (e.g., if thesource cluster breaks down, data can be recovered from the destinationcluster), or auditing application (e.g., data in the organization'sdatabase can be mirrored in the auditor's cluster for auditing).Additionally, and/or alternatively, any changes to the data on thedestination cluster (after the initial replication) to the sourcecluster may also be desirable. This is referred to as reversereplication (synchronization). In other applications that would benefitfrom cluster to cluster synchronization, data synchronization betweenthe source and destination clusters may be paused, and later resumed inan efficient manner from where the synchronization left off.

Accordingly, the inventors have developed improved systems and methodsfor cluster to cluster synchronization. In some embodiments, asynchronization system may include a plurality of replicators coupled toa source database cluster and a destination database cluster. Each ofthe plurality of replicators may be responsible for a respective subsetof data in the source database cluster, and plurality of replicators maybe executed at least partially in parallel. As such, the parallelreplication for different subsets of data in the source cluster mayimprove the performance of data synchronization by expediting thereplication of data from the source to the destination and keeping upwith fast changes on the source cluster.

Some embodiments support eventual consistency for data replication onthe destination cluster. In some embodiments, if the applicationquiesces writes on the source cluster (by taking the application to aquiesce mode, for a switchover or any other reason), the source anddestination will eventually have identical data. Alternatively, insteadof the quiesce mode, some embodiments may stop issuing writes to thecluster to allow for data to be consistent between the source anddestination cluster. In some embodiments, the number of writes to thesame document or across multiple documents need not be the same acrosssource and destination clusters. In some embodiments, writes may becombined or reordered while relaying from source to destination. In someembodiments, transactions may appear non-atomically on the destination.In some embodiments, if an application quiesces writes on the source,all operations from the source on the destination are eventuallyapplied. In some embodiments, applying all operations from the source(regardless of ordering) eventually bring a consistent copy of the datato the destination. In some embodiments, writes to the same documentsmay be reordered/combined. For example, when replicating a shardedcluster with per-shard change stream, writes to the same document thatare out of order may be reordered as long as eventual consistency can beguaranteed. In some embodiments, sharding support effectively maycombine writes (to the same document) by refetching the full document.Thus, some embodiments may provide that the source and destinationclusters will eventually have consistent data for the replicatedcollections if application quiesces writes on the source.

FIG. 1 is a block diagram of an example cluster to clustersynchronization system 100. Synchronization system 100 may be coupled toa source database cluster 102 and a destination database cluster 104. Asshown, synchronization system 100 may include a plurality of replicators108, each configured to perform various operations as described above.For example, each replicator 108 may be responsible for replicating arespective subset of data in the source database cluster 102 to thedestination database cluster 104, and plurality of replicators may beexecuted at least partially in parallel. As shown in FIG. 1 , each ofthe plurality of replicators 108 may communicate with the source cluster102 and destination cluster 104 through one or more respective routers(e.g., mongos) 110, 112 instead of directly communicating with theclusters 102, 104.

As shown in FIG. 1 , each replicator 108 may be implemented as areplication process, where the multiple replication processes may beexecuted at least partially in parallel. For example, the system mayspawn multiple threads running simultaneously, each thread being areplication process and configured to replicate a respective subset ofthe source cluster 102 to the destination cluster. As described above,the parallel replication for different subsets of data in the sourcecluster may expedite the replication of data from the source to thedestination to keep up with fast changes on the source cluster.

In some embodiments, source cluster 102 and destination cluster 104 mayeach be organized as shards. Each cluster can comprise multiple shards,and shards can be hosted on one or more servers or shard servers canhost multiple shards of data. Data on respective shards or collectionsof shards can be associated with replicators. Example details of a shardcluster are further described herein. In case of shard clusters forsource cluster 102 or destination cluster 104, the plurality of routers110, 112 may respectively include shard routers associated with thesource cluster 102 and destination cluster 104. In some embodiments,system 100 described above may cause the plurality of replicators toperform chunk migration of sharded data from the source cluster to thedestination cluster, to achieve eventual consistency, when data on thedestination cluster is identical to data on the source cluster.

The inventors have recognized and appreciated that executing replicatorsat least partially in parallel for synchronizing shard clusters mayimpose challenges in maintaining the consistency on the destinationcluster. For example, intermediate data generated by multiple parallelreplicators may become inconsistent accidently, preventing thedestination cluster to achieve eventual consistency. For example, indexinconsistency may be caused by out of order execution of parallelreplicators. An example of inconsistency includes violations of indexuniqueness for the destination cluster. For example, as multiplereplicators replicate data in parallel, they may also independentlygenerate keys with the same value in a unique index as a result.

Accordingly, some embodiments are provided to solve the technicalproblems discussed above and/or improve the performance ofsynchronization between two clusters. In some embodiments, each of theplurality of replicators may be configured to replicate indexes of dataon the destination database cluster stored in respective shards whilereplicating the data from the source database cluster to the destinationdatabase cluster. The system may cause the replicators to replicateindexes as non-unique indexes, thus allow index uniqueness violationstemporarily while the replicators are performing replication inparallel. When replications of the plurality of replicators are complete(e.g., when committed), the system may convert the non-unique indexes tounique indexes.

In some embodiments, the system may scan the indexes on the destinationdatabase cluster and check for violations of index uniqueness. Forexample, the system may determine that a violation of index uniquenessoccurred if a field, which is supposed to be unique across all documentsin the destination cluster already existed. In a non-limiting example, auser email address which appears in multiple documents in thedestination cluster have multiple field values that correspond to aunique index, and in response, the system may determine that the indexuniqueness rule is violated.

In performing the replication operation, each replicator 108 may beconfigured to independently monitor a change of data on the sourcecluster and translate the change of data to one or more databaseoperations to be performed on the destination cluster. For example, theone or more database operations to be performed on the destinationcluster may include CRUD operations (namely, create, read, update, anddelete). The change of data may be contained in a respective changestream associated with each replicator 108. For example, a firstreplicator of the plurality of replicators 108 may be configured tomonitor a first change stream which comprises data indicative of achange of data in the subset of the source database cluster associatedwith the first replicator, and translate the change of data in the firstchange stream to one or more database operations to be performed to thedestination cluster. Similarly, a second replicator of the plurality ofreplicators may be configured to monitor a second change stream whichcomprises data indicative of a change of data in the subset of thesource database cluster associated with the second replicator, andtranslate the change of data in the second change stream to one or moredatabase operations to be performed to the destination cluster.

In case of shard clusters for the source cluster 102 and destinationcluster 104, the change streams associated with the plurality ofreplicators 108 may be partitioned. For example, the first change streamassociated with the first replicator may correspond to a first subset ofshards in the source database cluster, whereas the second change streamassociated with the second replicator may correspond to a second subsetof shards in the source database cluster different from the first subsetof shards. Further, in case of shard clusters for the source cluster 102and destination cluster 104, each of the shard clusters may have adifferent topology. For example, the source database cluster and thedestination database cluster may each have a different number of replicanodes.

In some embodiments, chunk migrations of sharded data may be allowedwithin the source cluster or the destination cluster. In some scenarios,chunk migration within the destination cluster may cause the destinationcluster to become imbalanced. For example, as the result of chunkmigrations, a shard on the destination cluster may have a significantlyhigher number of documents than another shard on the destinationcluster. Accordingly, a balancer in the destination cluster may performshard balancing by moving some documents from one shard to another shardin the destination cluster. In some embodiments, the system may alsoperform balancing on the source cluster, independently of performing thebalancing on the destination cluster.

The inventors have further recognized and appreciated that executingreplicators in parallel may also result in conflicts, where out-of-orderchange events may occur if a document is moved between shards (e.g., bya chunk migration). For example, a later update to a document could beseen (by the system) before an earlier update.

Accordingly, in some embodiments, for each collection in the destinationsharded cluster, the replicator stores information about the mostrecently applied change event to each document. This information ismaintained as an additional sharded collection. Thus, the per document“last write” state may be used to determine whether a change eventshould be applied or ignored. In some embodiments, a replicator maycompare the clusterTime of a change event with tsOfLastFetch. If it isdetermined that clusterTime<tsOfLastFetch, then the replicator mayignore the change event.

In one embodiment relating to chunk migrations on a server, a recipientshard enters a critical section blocking writes after it has fetched thelast modification (e.g., after the donor has entered its criticalsection blocking writes), the recipient will enter its critical sectionblocking writes). In some embodiments, a donor, after it has committed achunk migration, will instruct the recipient that it may refresh itsfiltering metadata and then exit its critical section, via a new commandsuch as recvChunkReleaseCritSec. In some embodiments, to minimize thetime during which the critical sections are held, post-commit refresheson both the donor and the recipient may be done in parallel. In someembodiments, each participant may release its critical section as soonas the refresh is complete. In some embodiments, in case of a recipientfailover while it is holding the critical section, a new primary“recovers” it and waits for instructions from the donor to release it.In some embodiments, a new recovery document on the recipient ispersisted before it enters the critical section. In some embodiments, ifthat document is found on step-up, the shard may restore a state such asthe MigrationDestinationManager state. In some embodiment, a donor mayretry sending the recvChunkReleaseCritSec command until it receives afavorable response before entering a “migration complete” state. In someembodiments, in case of a donor shard election between the beginning ofthe donor critical section and the migration complete state, the newdonor primary may re-issue the recvChunkReleaseCritSec command to ensurethe recipient's critical section is released. In some embodiments, chunkmanager information that is relied upon to filter writes may reside onthe configsvr. In some embodiments, because the clusterTime at which theownership changed exists in one single place (e.g., config.chunks in theconfigsvr), shards will be consistent in knowing at what time one gaveup/took ownership of the chunk.

In other embodiments relating to chunk migrations on a server, theknowledge of what ranges are orphans from the config.rangeDeletionscollection, which is a shard-local collection, are sourced. In someembodiments, both shards may agree in a clusterTime at which theownership changed. In some embodiments, a migration coordinator maywrite updates to both a donor and a recipient's config.rangeDeletions atthe same clusterTime, possibly by means of a transaction. In someembodiments, this point in time may be aligned with the clusterTimewritten to the chunk entry in config.chunks, which may be used toperform the routing.

In some scenarios relating to chunk migrations on a server, writeoperations on orphaned documents may generate events on change streamsthat may be unexpected by users. In an exemplary scenario, a writeoperation broadcasted to all the shards while a moveChunk operation isin progress and the orphaned documents owned by the donor shard may alsobe addressed by this operation, thereby generating unexpected events onthe configured change streams.

In some embodiments relating to chunk migrations on a server, a writepath checks whether a current operation is writing on an orphandocument. Some embodiments may skip the write operation that affects anorphan document, and other embodiments may perform the write operationbut mark it so that it may be filtered by change streams. Someembodiments may skip write operations processed by the Mongosyncs thataffect orphan documents. Some embodiments may perform direct writeoperations against the shards that affect orphan documents but mark themin an operation log. In some scenarios, direct writes to shardsaffecting orphan documents (e.g., manual cleanup of range deletions) areallowed.

In some embodiments relating to chunk migrations on a server, beforeexecuting an update/delete operation, a determination is made as towhether the operation is affecting an orphan document or not. In someembodiments, this determination is done at the query-execution level. Insome embodiments, the current operation is skipped if it affects anorphan document and a changestream event is not generated. In otherembodiments, the value of a flag (e.g., fromMigrate) may be overriddensuch that if the current operation affects an orphan document, thegenerated entry in an operation log will be flagged. In someembodiments, these operation log entries may be filtered by the changestreams. In some embodiments, a determination as to whether a documentis owned by a current shard need not be made if if there are no rangedeletion tasks for the collection on that shard. In other embodiments,each operation log entry is annotated with additional informationidentifying orphaned documents. In some embodiments, a donor andrecipient uses the same migration protocol. In some embodiments, a donorinforms the recipient of which migration protocol it should use. In someembodiments, the migration protocol is not changed during a moveChunkexecution.

In some embodiments relating to chunk migrations on a server, themigration protocol may define a cluster-wide point in time in which theownership of a chunk is transferred and may filter writes on orphaneddocuments. In some embodiments, while a chunk migration is beingcommitted to the configsvr, a donor shard may hold the critical section.In some embodiments, once the commit is completed, the donor refreshesits filtering metadata to establish a definite ownership knowledge andthen releases the critical section. In some embodiments, to be able toavoid broadcast writes on orphaned (unowned) documents, the shards havea definite knowledge of what chunks it owns at any time when a write ispossible (i.e., at any time when the critical section is not taken). Insome embodiments, to ensure that the recipient shard has correctknowledge of its owned ranges during the migration commit, the recipientshard may hold the critical section blocking writes during the migrationcommit. In some embodiments, only writes are blocked because reads mayrely on the shard versioning protocol to ensure the proper filteringinformation is used.

In some embodiments relating to cluster to cluster migration, when thesource cluster is a sharded cluster, multiple replicator processes maybe used for scalability. In some embodiments, conflicts due to the useof multiple replicators during the change event application (CEA) phaseof the replication are resolved. In some embodiments, each replicatorprocess is executed with multiple roles during CEA including:

-   -   CRUD-processing Replicator: This role replicates inserts,        updates, and deletes from a single source shard. In some        embodiments, CRUD changes events are processed from a change        stream cursor which targets a single shard. By consuming only an        individual shard cursor, an additional replicator may be added        to the system in some embodiments to speed up replication        without introducing overhead with an order of the number of        shards to the source sharded cluster. Some embodiments include        special handling for per-shard DDL events like ‘create’ in order        to ensure that future CRUD operations execute on the right        namespaces.    -   DDL-processing Replicator: This role replicates collection and        view DDL operations, as well as the sharding DDL commands like        “shardCollection.” In some embodiments, the DDL change events        may be processed from a change stream cursor which merges the        results across all shards. On some embodiments, a single        Replicator process uses a merged change stream cursor to avoid        namespace clashes that would otherwise be incurred by        out-of-order DDL events handling. In some embodiments, a        coordinator processor will be designated as the DDL-processing        replicator for simplicity.

In some embodiments, for each collection in the destination shardedcluster, the replicator stores information about the most recentlyapplied change event to each document. In some embodiments, thisinformation is maintained as an additional sharded collection withvarious fields including one of more the following:

-   -   _id: The_id of the document in the destination sharded cluster,        which is also used as the shard key of this collection.    -   tsOfLastApply: The clusterTime of the change event which most        recently inserted, updated, or deleted this document.    -   tsOfLastFetch: This field limits the number of times a document        must be fetched when processing change events with        clusterTime≤tsOfLastFetch (e.g., already have their effects        reflected in the document fetched from the source sharded        cluster). In some embodiments, this field stores the value of        the afterClusterTime used to fetch the document from the source        sharded cluster.

In some embodiments, the last write state collections is stored in theMongosync database holding the persisted metadata for replication. Insome embodiments, each user database will have one such collection thatstores the last write states of all the documents in this database,which will only be populated during the change event application phase.In some embodiments, these collections are created during the handlingof create collection events and be named aslastWriteStates.<originalDBName>. In some embodiments, these collectionswill be created with {locale: “simple”} as their collection defaultcollation and sharded by {_id: 1}. In some embodiments, the _id field ofthese collections will be a combination of collectionUUID and _id of theoriginal document such as: {collUUID: <originalCollUUID>,docID:<originalDocID>}. In some embodiments, the queries and updates onthese collections as well as user collections use simple collation.

In some embodiments, each of the plurality of replicators may beconfigured to operate in one of multiple states, such as IDLE, RUNNING(e.g., data replication is being performed), PAUSED (e.g., replicationis being paused, for example, by a user), COMMITTING (e.g., replicationprocess is beginning to cutover, for example, by a user command), andCOMMITTED (e.g., the replication process has finished committing). Thesevarious states for the plurality of replicators allow the cluster tocluster synchronization to facilitate various applications and usecases. For example, the system may cause the plurality of replicators tosuspend and resume replication from where the suspended operations leftoff. In a non-limiting example, the system may include a respectiveresume data structure associated with each of the replicators, which mayupdate the data in the associated resume data structure as eachreplicator perform operations. The resume data structure may bepersisted to the destination cluster and may include recovery states forthe associated replicator and other information, such as a source todestination mapping. When cluster to cluster synchronization is resumed,each of the paused replicators will transition from PAUSED state toRUNNING state, where the replicator may identify the correct directionof replication using the mapping data in the resume data structure, andcontinue running from the state it was in.

In some embodiments, system 100 may perform an initial synchronizationbetween the source cluster 102 and the destination cluster 104. Forexample, the initial synchronization may be one-time replication of datafrom the source cluster to the destination cluster, which results in thedata in the destination cluster being identical to the data in thesource cluster. In some embodiments, once the initial synchronization iscompleted, the cluster to cluster synchronization may include continuoussynchronization between the source cluster and the destination cluster.For example, system 100 may further cause the plurality of replicators108 to continue replicating data from the source database cluster to thedestination database cluster based on subsequent data changes on thesource database cluster. As described above, the plurality ofreplicators may perform similar replication operations based on therespective change streams, which contain subsequent data changes on thesource cluster.

In some embodiments, once the initial synchronization is completed,and/or at any other time thereafter when the data on the source clusterand destination cluster are identical (e.g., when the replication ofdata for each replicator is committed, for example, the state of eachreplicator being COMMITTED), system 100 may reverse the cluster tocluster synchronization, to allow data on the destination cluster (orany writes to the destination cluster) to be synchronized to the sourcecluster. In reverse replication, the plurality of replicators 108 mayperform similar replication operations as described above, with adifference being that the change streams may contain data changes on thedestination cluster (new source cluster) and the resume data structuremay be persisted to the source cluster (new destination cluster).

In some embodiments, system 100, or the plurality of replicators 108 asdescribed above, may co-exist with and perform independently from otherdatabase replication architecture in a database system. For example,another replication architecture may include a primary node hosting dataof the source cluster and secondary nodes hosting copies of the primarynode data, where the primary node accepts and processes write operationsagainst the hosted data of the source cluster, and maintains anoperation log reflecting changes to the hosted data of the sourcecluster. The secondary nodes maintain consistency in the hosted copiesof the primary node data base on executing operations from the operationlog. An example of another replication architecture is described indetail in U.S. patent application Ser. No. 12/977,563, entitled “METHODAND APPARATUS FOR MAINTAINING REPLICA SETS,” the content of which isherein incorporated by reference in its entirety. The replicationarchitecture as described in the above reference may be coupled to thesource and/or destination clusters and co-exist with system 100, in someembodiments. System 100 and the replication architecture as described inthe above reference may also be executed independently.

Modifications and variations of the discussed embodiments will beapparent to those of ordinary skill in the art and all suchmodifications and variations are included within the scope of theclaims. An illustrative implementation of a computer system 200 that maybe used in connection with any of the embodiments of the disclosureprovided herein is shown in FIG. 2 . The computer system 200 may includeone or more processors 210 and one or more articles of manufacture thatcomprise non-transitory computer-readable storage media (e.g., memory220 and one or more non-volatile storage media 230). The processor 210may control writing data to and reading data from the memory 220 and thenon-volatile storage device 230 in any suitable manner. To perform anyof the functionality described herein, the processor 210 may execute oneor more processor-executable instructions stored in one or morenon-transitory computer-readable storage media (e.g., the memory 220),which may serve as non-transitory computer-readable storage mediastoring processor-executable instructions for execution by the processor210.

According to some embodiments of the present invention, a manageddatabase system, can be configured as a shard cluster and may implementa source database cluster (e.g., 102 in FIG. 1 ) and/or a destinationdatabase cluster (e.g., 104 in FIG. 1 ). The shard cluster is thegrouping of shards that collectively represent the data within thedatabase. In an example, a shard cluster may comprise multiple shards ofdata, each having multiple chunks. Each shard may include a replica set,each node of which may be referred to as a shard server. The manageddatabase system can include one or more configuration servers formetadata management, and shard router processes. Metadata for the shardcluster can include, for example, information on the ranges of datastored in each partition, information associated with managing the shardcluster, partition counts, number of shard servers, data indexinformation, partition size constraints, data distribution thresholds,among other options. In some embodiments, the database system includes adriver that receives submissions of transactions and/or operations froma client. The driver can be configured to receive and handle submissionsof transactions and/or operations from a client application. Forexample, the driver can be configured to receive one or moretransactions from the client, and command one or more of the shardservers of the database system to execute the transaction(s).

In some embodiments, the source cluster 102 described above withreference to FIG. 1 may be a component of the database system. Forexample, the source cluster 102 may receive database commands (e.g.,write new data) from the client and/or the driver, and the plurality ofreplicators 108 may communicate with the source cluster 102 through oneor more routers. Similarly, the destination cluster 104 described abovewith reference to FIG. 1 may also be a component of the database system.

In some embodiments, each shard of data can be configured to reside onone or more servers executing database operations for storing,retrieving, managing, removing and/or updating data. In someembodiments, a shard server contains multiple partitions of data whichcan also be referred to as “chunks” of database data. In someembodiments, a shard of data corresponds to a chunk of data. A chunk isalso a reference to a partition of database data. A chunk can beconfigured as a contiguous range of data from a particular collection inthe database. In some embodiments, collections are logical organizationsof subsets of database data. In some embodiments, a collection cancomprise one or more documents. A document can comprise a unit of datastorage. The document can include one or more fields and one or morevalues stored in the field(s). In one example, a collection of documentsis a named grouping of the data, for example, a named grouping ofdocuments. The named grouping can be homogenous or heterogeneous. Insome embodiments, collections are organizations of database data similarto relational database tables.

In some embodiments, configurations within a shard cluster can bedefined by metadata associated with the managed database referred to asshard metadata. Shard metadata can include information about collectionswithin a given database, the number of collections, data associated withaccessing the collections, database key properties for a givencollection, ranges of key values associated with a given partition,shard, and/or chunk of data within a given collections, to provide someexamples.

In some embodiments, establishing an appropriate shard key facilitatesthe efficient management of data within the shard cluster. To partitiona collection, a shard key pattern can be specified. The shard keypattern, in some embodiments, can be similar to the key pattern used todefine an index. The shard key pattern establishes one or more fields todefine the shard key upon which the managed database can distributedata. In some embodiments, the shard key pattern can be input through amanagement process. The shard key pattern can be predefined and/ordynamically generated. Once established, the shard key pattern can beused to control the partitioning of data. The data can be partitioned inchunks of data. A shard of data can be a chunk. The chunks of data aretypically constructed of contiguous ranges of data. According to oneembodiment, the congruous range of data is defined based on database keyvalues or database key patterns used associated with the data. In someexamples, chunks are defined by a triple (collection, minKey, andmaxKey). A given chunk can be configured with a name for the collectionto which the chunk belongs corresponding to collection in the triplesand a range of key values that define the beginning and the end of thedata found within the chunk corresponding to minKey and maxKey. In oneexample, the shard key K associated with a given document within acollection assigns that document to the chunk where the value for Kfalls within the values defined by minKey and maxKey. Thus, the sharddatabase key/shard database key pattern defines the range of data foundwithin a given chunk. The shard key ranges associated with a givenpartition can be used by the shard cluster (e.g., through a routerprocess) to direct database requests to appropriate shard servershosting the particular partition.

In some embodiments, a chunk may have a maximum size. In someimplementations, the maximum size can be predetermined. In someembodiments, the maximum size can be dynamically established. In someembodiments, a maximum size of 200 Mb establishes a good threshold thatbalances the costs of sharding (e.g., the computational burdenassociated with the copying/moving of the data and the versioning thechunks) against the improvement in processing by having sharded data.Some embodiments support compound shard keys/shard key patterns.

In some embodiments, the shard key should be selected to ensurethey aregranular enough to provide for an even distribution of data. Forinstance, when a shard key is based on name, the database can be checkedto insure there are not a disproportionate number of users with the samename. In such a case, an individual chunk can become too large andfurther, because of the key selected, be unable to split. In someimplementations, logic can be implemented within the shard cluster toassist in selecting of the shard key. Distributions can be establishedand analyzed, for example during a testing phase, to ensure that keydoes not invoke disproportionate distributions. For example, where theentire range comprises just a single key on name and a disproportionatenumber of users share the same name, it can become impossible to splitchunks of the data without creating a new shard key. Thus, for adatabase where it is possible that a single value within a shard keyrange might grow exceptionally large, a compound shard key can beconstructed that enables further discrimination of the values that asingle key selection.

In some embodiments, a chunk of a data can also be associated with amaximum size threshold which defines that maximum size a given chunk canreach before a splitting operations is performed on the data within thechunk. In some embodiments, once the data within a given chunk reachesthe maximum size, a managed database or a shard cluster can beconfigured to automatically generate a new chunk having its own range ofcontiguous data. In some examples, the data within the original chunk issplit, approximately half the data remaining in the original chunk andapproximately half the data being copied into the new created chunk.Although in some embodiments, the split can occur so that differentportions of data remain in the original chunk and/or are copied into thenew chunk.

In some embodiments, sharding of the database in data chunks, that isthe partitioning of the data in the database, occurs based on databasecollections rather than the database as a whole. For example, whenimplementing a database management system for a service like thewell-known TWITTER service, it is appreciated that the collection of“tweets” or messages within the database of the TWITTER service would beseveral orders or magnitude larger than the next largest collection. Thesize and throughput associated with the collection of tweets would beideal for sharding, whereas smaller collections can be configured toreside on a single server. In some implementations, the data within thedatabase is organized into documents. Some examples of documentorganization formats include the known JSON (JavaScript Object Notation)and BSON (binary encoded serialization of JSON) formatting fordocuments. BSON is a binary format in which zero or more key/value pairsare stored as a single entity. The B SON entity can be referred to as adocument. In some examples, BSON is designed to be efficient in space,but in many cases is not much more efficient than JSON. In some casesBSON can employ more space than JSON to encode information. In oneembodiment, this results from one of the BSON design goals:traversability. In some examples, BSON adds some additional informationto documents, like length prefixes, that make it the document easier andfaster to traverse. BSON is also designed to be fast to encode anddecode. For example, integers are stored as 32 (or 64) bit integers, sothey don't need to be parsed to and from text. This uses more space thanJSON for small integers, but is much faster to parse.

In some embodiments, the managed database system may have any suitablenumber of shards, configuration servers, and/or shard router processeswhich can increase the capacity of the managed database system. Theshard router processes handle incoming requests (e.g., transactionsand/or operations) from clients (e.g., applications, web services, userinitiated requests, application protocol interfaces, etc). The routerprocesses are configured to provide a transparent interface to handledatabase requests. In particular, the clients need not know that adatabase request is being served by a sharded database. The shard routerprocesses receive client requests and route the database requests to oneor more appropriate shards on shard servers.

In some embodiments, a router process can be configured to operate as arouting and coordination process that makes the various components ofthe cluster look like a single system, for example, to client. Inresponse to receiving a client request (e.g., a write operation) via thedriver, the router process routes the request to the appropriate shardor shards. The shard(s) return any results to the router process. Therouter process can merge any results and communicate the merged resultback to the driver. The driver can use the results for additionalprocessing and/or communicate results to the client.

In some embodiments, a shard may be hosted by a replica set. The replicaset may include a primary node and one or more secondary nodes. In someembodiments, each of the nodes of the replica set may be a separateshard server to provide redundancy, and protection against failures. Insome embodiments, the primary node may perform write operations. Thesecondary node(s) may replicate write operations performed by theprimary node to provide redundancy. In some embodiments, if the primarynode is unavailable, the database system may be unable to perform awrite operation. For example, if the primary node of a replica sethosting a shard shuts down, the database may be unable to execute thewrite operation on the shard during the period that the primary node isshut down, or until a new primary node is selected. In some embodiments,the driver can be configured to transmit one or more write commands to aprimary node of a replica set to perform one or more write operationssubmitted by the client. For example, the driver can be configured toconnect to the primary node to transmit the write command(s) to theprimary node to perform write operation(s) submitted by the client.

In some embodiments, the router process is configured to establishcurrent state information for the data distributed throughout thedatabase by requesting metadata information on the database from theconfiguration server(s). The request for metadata information can beexecuted on startup of a routing process. Further requests can beinitiated by the routing process and/or can be initiated by aconfiguration server. In one example, a change at the configurationserver can trigger a distribution of updates to any routing processes.

In some embodiments, any changes that occur on the configurationserver(s) can be propagated to each router process, as needed. In oneexample, router processes can be configured to poll the configurationservers(s) to update their state information periodically. In otherexamples, router processes can be configured to poll the configurationservers(s) to update their state information on a schedule,periodically, intermittently, and can be further configured to receivedupdates pushed from the configuration server(s) and/or any combinationof thereof. According to one embodiment, the router processes capturemetadata information on the shard cluster stored at the configurationservers. In some examples, the metadata information includes informationon the data stored in the database, how the data is partitioned, versioninformation associated with the partitions, database key valuesassociated with partitions, etc. According to some embodiments, therouter process can be configured without persistent state information.For example, at initiation the router process cannot fully route datarequests until its state is updated with the metadata describing thedistribution of data throughout the shards.

In some embodiments, router processes can run on any server within themanaged database and/or on any number of server(s) that is desired. Forexample, the router processes can be executed on stand-alone systems,and in other examples the router processes can be run on the shardservers themselves. In yet other examples, the router processes can berun on application servers associated with the managed database. Undertypical installations, there are no limits on the number of routerprocesses that can be invoked. The addition of routing processes canpermit the managed database to route greater number of requests to theappropriate shards of data. In some embodiments, additional routingprocess can enable additional client connections to the partitioneddatabase. In other embodiments, additional routing processes canfacilitate management of the distribution of data within the database.

In some embodiments, each router process can be configured to actindependently of any other routing processes being executed within themanaged database. In some examples, the router processes do notcoordinate processing, rather each router process can be configured toact independently. In some environments, this property enables unlimitednumbers of router processes with virtually no additional complexity, asall the router processes receive their state information from theconfiguration servers and no coordination between the router processesis required for routing data requests.

In some embodiments, configuration server(s) are configured to store andmanage the database's metadata. In some embodiments, the metadataincludes basic information on each shard in the shard cluster including,for example, network communication information, server information,number of chunks of data, chunk version, number of shards of data, shardversion, and other management information for routing processes,database management processes, chunk splitting processes, etc. Accordingto some embodiments, chunk information can be the primary data stored bythe configuration server(s). In some examples, chunks are defined by atriple (collection, minKey, and maxKey) and the metadata stored on theconfiguration servers establishes the relevant values for a given chunkof data.

In some embodiments, each of the installed configuration server(s) has acomplete copy of all the chunk metadata information for the manageddatabase. According to one aspect, various replication strategies can beimplemented to maintain consistency between configuration servers. Insome embodiments, updates to configuration data stored on theconfiguration server can require additional processes for insuringconsistency. For example, a two-phase commit operation, is used toensure the consistency of the configuration data amongst theconfiguration servers. In another example, various atomic commitmentprotocols (ACP) are used to insure consistency of the database metadataon any configuration servers.

The inventors have recognized that in addition to needing to replicatethe changes occurring to data on a source cluster, some users may havelarge amounts of existing data on the source cluster that needs to bereplicated (e.g., hundreds of gigabytes to terabytes). In someembodiments, a collection copy phase may replicate this data upfrontbefore handing off control to a change event application (CEA) phase tomake this data consistent on the destination cluster.

The inventors have also recognized that the collection copy phase maytake a long time (e.g., days) and that if may changes occur to thesource cluster during this phase, the oldest change may get pushed outof the source's operation log (e.g., fall off the operation log). As aresult, information may be lost, CEA may not be able to apply all therequired changes, the migration may need to be restarted. The inventorshave realized that this may be problematic to users because restarting amigration may result in substantial lost time. Moreover, there may be acognitive overhead and resource considerations in picking the right sizefor the operation log for a migration. In addition, a migration may noteven be possible in some environments with a very high write load.

In some embodiments, operation log entries may be buffered into a fileon the source cluster, thereby effectively lengthening the operation logwindow beyond its normal limit. Operation log buffering, however, mayrequire substantial disk space. Resuming CEA may be difficult becausereading from the middle of an operation log buffering file may bedifficult. Operation log buffering may create a dependency on themachine here the operation buffer log resides. Accordingly, in someembodiments, the collection copy phase may interleave copying partitionswith applying change events.

Some embodiments include various testing features (e.g., for improvedtest coverage for oplog rollover resistance). In some embodiments,passthrough tests are designed to spend more time in the collection copyphase. In some embodiments, a mechanism allows passthrough tests to beslowed down (e.g., sleeping during the collection copy phase). In someembodiments, the default partition size is 400 megabytes (MB). In someembodiments, the partition size is set to smaller values. In someembodiments, passthrough tests targe multi-partition logic. In someembodiments, performance workloads having a large volume of data to copyupfront and a large number of writes, are executed.

In some embodiments, an initial synchronization of a collection copyphase operates on units of work called partitions. In some embodiments,the partitions include metadata capturing a set of documents havingidentifiers within a particular range. In some embodiments, a limitednumber of partitions are copied and the change events that occurredduring the time the partitions are copied are applied. In this manner,change events will be reflected on the destination sooner and will bepermitted to fall off the operation log sooner as well. In someembodiments, copying partitions may be interleaved with a finite numberof CEA cycles, until the copying of the partitions is finished. Then,the normal CEA phase resumes.

In some embodiments, there is a many-to-many relationship betweenMongsosyncs and shards, meaning that a Mongosync is free to copy apartition with documents belonging to any shard. In some embodiments,documents may span more than one shard. In some embodiments, a Mongosyncis not tied to a particular shard for copying partitions. In theseembodiments, a partition key is not tied to a shard key, need not bemindful of a partition order and need not handle partitions spanningmultiple shards.

In some embodiments, each MongoSync opens its own per-shard changestream after all the Mongosyncs collectively reach a CEA phase. In someembodiments, a many-to-many relationship between Mongosyncs and shardsare preserved for a given partition. In some embodiments, when decidinghow to apply change events for a given partition, a change stream may beopened to targets all shards contained within the partition's documents.In some embodiments, a one to one stream relationship between changestreams and Mongosyncs are preserved. In some embodiments, eachMongosync will be responsible for applying the change events thatoccurred on its shard, regardless of which shards its partitions aretargeting.

In some embodiments, a partition may touch all shards. In someembodiments a change stream may touch only one shard. In someembodiments, change streams are coordinated so as all relevant changeevents that occurred for partitions that have been copied are processed.In some embodiments, change streams agree on a start time for applyingevents that occurred while a partition is copied. In some embodiments,each change streams uses the starting time value in a globalChangeStreamStartAtTs.

In some embodiments, the change events for all partitions that have beencopied are captured in a Change Event Application (CEA) window. In someembodiments, the CEA window is progressively advanced as more partitionsare copied, and background CEA cycles are run in a goroutine.Specifically, copying partitions may advance an upper bound of the CEAwindow, and running CEA cycles may advance a lower bound of the CEAwindows. In some embodiments, advancing the lower bound of the CEAwindow avoids falling off the operation log. In some embodiments, thelower and upper bounds of the CEA window are timestamps from the sourcecluster.

In some embodiments, the lower bound of the CEA window 302 is initiallythe starting time value of ChangeStreamStartAtTs, as shown in FIG. 3 .In some embodiments, the CEA window 302 may acquire an arbitrary upperbound when change events begin to be applied, as shown in FIG. 4 . Insome embodiments, the upper bound is obtained from an operation timefrom the source cluster. In some embodiments, the CEA window's arearepresents the number of change events that may be applied across theMongosyncs' change streams.

In some embodiments, when a Mongosync detects a new upper bound for aCEA window, its goroutine will run a CEA cycle to increase the lowerbound for the CEA window 302, as shown in FIG. 5 . In the exemplaryscenario of FIG. 5 , Mongosync 2 executes its CEA cycle first. In theexemplary scenario of FIG. 6 , Mongosync 2 finishes its CEA cycle whileMongosync 1 and Mongosync 2 continue to execute their CEA cycles. Insome embodiments, a CEA window's upper bound may increase if morepartitions are copied. In some embodiments, a CEA cycle goroutine willcheck a CEA window's upper bound periodically and apply events. In thescenario shown in FIG. 7 , Mongosync 2 takes a bit longer to start itsnext cycle, Mongosync 3 is ahead, and Mongosync 1 takes longer, perhapsbecause it may have a higher density of events for the current CEAwindow.

In some embodiments, the relative rates at which the Mongosyncs applytheir change events are not important. In some embodiments, the copyingof partitions in the collection copy phase may continue and anythingbelow the “global” lower bound of the CEA window 302 is free to fall offthe operation log, as illustrated in the exemplary scenario of FIG. 8 .

In some embodiments, a CEA window's lower bound may advance whenever aMongosync makes progress with its own change stream during a CEA cycle.In some embodiments, each Mongosync may update various fields (e.g.,CRUDResumeInfo, DDLResumeInfo). In some embodiments, each CEA cycle maybe finite (e.g., have a defined endpoint). In some embodiments, when aCEA cycle's resume token is greater than or equal to the endpoint, theCEA cycle may stop iterating the change stream and may update theCRUDResumeInfo/DDLResumeInfo resume data fields to the resume token ofthe previous event. In some embodiments, a resume token is provided as aStartAfter value when opening the change stream, which excludes thechange event corresponding to the resume token. In some embodiments, thenext CEA cycle may use this new token as its starting point.

In some embodiments, in a situation where there are no change eventsoccurring on the source cluster, a CEA cycle may be terminated when aMongosync writes a no-op upon finishing a partition so that a Mongosyncmay not block on a change event indefinitely. In some embodiments,Mongosync may include a LastOpFetchingService, which writes a no-opevery second. FIG. 9 illustrates the timestamps of resume tokens 950 fora Mongosync in an exemplary scenario. In some embodiments, a current CEAwindow's upper bound may be known ahead of time when a CEA cycle starts.In some embodiments, a cycle will apply all change events followingresume token T₀ until it sees a resume token T N that is greater thanthe CEA window's upper bound. In some embodiment, the Resume Token forthe last event applicated will be set to T_(N-1) from which the nextcycle will continue. In this manner, a CEA window's lower bound may beadvanced. In some embodiments, change events up to a point are appliedand that point is saved using a resume token.

In some embodiments, an upper bound of a CEA window is calculated by theMongosyncs. In some embodiments, a change event includes a DDL event, aninsert event, an event to update, replace or delete a document whichknown to be on the destination, etc. In some embodiments, a state of adestination cluster relative to a source cluster will transition from a“nonsense” state to an “inconsistent and stale” state after all eventsbefore a point in time are applied. In some embodiment, a state of adestination cluster relative to a source cluster will transition to an“inconsistent but less stale” state after events subsequent to the pointin time are applied. FIG. 10 is a graph of the status or states 1002 ofthe destination data as a function of the times stamps of the CEAs foran exemplary embodiment. FIG. 11 is a graph of the status or states 1002of the destination data as a function of the times stamps of the CEAsfor another exemplary embodiment.

In some embodiments, a first set of partitions is copied; change eventsare applied to the first set of copied partitions; as second set ofpartitions is copied; additional change events are applied to the secondset of partitions, etc. In some embodiments, additional change eventsare applied not only to the most recent set of partitions that have beencopied but to all preceding partitions that have been copied. In someembodiments, an up-to-date measure is maintained for all sets ofpartitions that have been copied curing the course of the collectioncopy phase.

In some embodiments, the number of changes events that may be applied bya Mongosync are limited while other Mongosyncs are permitted to proceedwith copying partitions. In some embodiments, partitions areperiodically checked to determine if change events may be applied forthem. In some embodiments, the extent to which change events may beapplied is limited by the earliest partition finish time across allMongosyncs.

FIG. 12 shows an exemplary scenario of Mongosyncs copying partitionsduring a collection copy phase. Each black dot 1202 represents thecompletion of a copying of a partition; a vertical magenta linerepresents an upper bound of the CEA window; a green segment representsthe completion of a copying of a partition; a yellow segment representsan in progress copying of a partition, and a red segment represents apartition which resides in a queue waiting to be copied.

In some embodiments, change events are applied until the leftmostgreen-yellow transition. In some embodiments, a CEA cycle is executedfrom the current CEA window's lower bound to the earliest partitioncompletion time across all Mongosyncs (e.g., P30's completion time inFIG. 12 ). In some embodiments, each Mongosync will periodically updateits latest partition finish times, thereby enabling a cycle toimplicitly include more than one partition's finish times.

FIG. 13 illustrates an exemplary scenario in which the finish times forpartitions P10, P20, P21 and P30 are all implicitly included. In someembodiments, change events are effectively batched CEA cycles, therebyreducing overhead in opening change streams.

In some embodiments, a CEA window upper bound is the minimum of thelatest partition finish times across all Mongosyncs. In someembodiments, the latest partition finish times may be stored within thepartition documents in a field (e.g., the FinishedAtTs field). In someembodiments, the FinishedAtTs field may represent the source clusteroperation time immediately following the copying of the last document ofa partition and may be set to the timestamp resulting from executed anappendOplogNote command (e.g., a no-op write) on the source cluster.

In some embodiments, a Mongosync may always copy multiple partitions inparallel and may set the FinishedAtTs field for each one upon completionof a partition. In some embodiments, the latest (i.e., the maximum) ofthe FinishedAtTs values within a Mongosync, and the earliest (i.e., theminimum) of these timestamps across all Mongosyncs are retrieved andstored. Taking the maximum first ensures that the CEA window's upperbound can actually advance, while taking the minimum ensures that changeevents are only applied up to the correct point in time.

In some embodiments, there are four possible cases 1402 for when achange event occurs relative to reading and copying a document, as shownin FIG. 14 :

-   -   Case 1—The change event is already reflected in document D by        the time D is copied. In this case, the event will not be        applied because it occurred before the partition was started;    -   Case 2—The change event is already reflected in document D by        the time D is copied. In this case, although the event may be        ignored, it may nonetheless be redundantly applied because it is        an idempotent operation;    -   Case 3—The change event is not yet reflected in document D by        the time D is copied. In this case, the event must be applied,        preferably as soon as the CEA window's upper bound is advanced        to include this partition's finish time; and    -   Case 4—The change event is similar to case 3 but for the finish        time of some upcoming partition. In this case, it will take        longer to apply the event.

In some embodiments, a Mongosync may set various fields (e.g., T and Ifields) within the FinishedAtTs fields to a maximum value when theMongosync finishes its partitions so that it cannot be selected as theminimum. In some embodiments, a CEA cycle goroutine may continueexecuting for a Mongosync that has finished all of its partitions. Insome embodiments, when the CEA upper window eventually returns atimestamp with a maximum value for both the T and I fields, this will beinterpreted as an exit condition indicating that all Mongosyncs havefinished, and that each Mongosync may exit the collection copy phase andcontinue to the regular CEA phase. In some embodiments, a Mongosync mayupdate its phase and persist it. In some embodiments, the regular CEAphase may then continue from the CRUDResumeInfo/DDLResumeInfo stored ineach Mongosync's resume data. In some embodiments, the transition fromthe collection copy phase to the regular CEA phase may remainsynchronous, meaning that all Mongosyncs must finish the collection copyphase before moving to the regular CEA phase. Because each Mongosync'sCEA cycle goroutine may continue to execute after its partitions arefinished in some embodiments, the actual transition to the CEA phase maynever need to be known because the CEA phase is built into thecollection copy phase.

Assuming fairly randomized writes on the source cluster during thecollection copy phase, most CRUD events applied early in the collectioncopy phase may fail because few documents may exist on the destinationat this point in time. As the collection copy continues, the successrate for applying CRUD events will get progressively better with eachCEA cycle. In some embodiments, these failures may be ignored if thedocument does not yet exist on the destination. In some embodiments, achange stream may be filtered for CRUD events pertaining to documentsthat are known to have been copied so as to reduce the number of eventsthat are needlessly applied. In some embodiments, filtering mayeffectively double the average success rate.

For CRUD events in some embodiments, each change stream's filter mayinclude the union of the identifier ranges of all partitions that havefinished across all Mongosyncs. In some embodiments, the filter mayinclude an accumulating set of identifier ranges derived from finishedpartitions. In some embodiments, change events are applied for adocument indefinitely after it has been copied. In some embodiments,ranges of adjacent partitions that have finished may be combined beforethe ranges for the change stream filter are used, to delay reaching anyBSON limit. For example, if the following partition progress has beenmade for a given collection:

-   -   {uuid: 42, partitionPhase: “done”, lowerBound: 0, upperBound:        100}    -   {uuid: 42, partitionPhase: “done”, lowerBound: 100, upperBound:        200}    -   {uuid: 42, partitionPhase: “done”, lowerBound: 200, upperBound:        300}    -   {uuid: 42, partitionPhase: “not started”, lowerBound: 300,        upperBound: 400}    -   {uuid: 42, partitionPhase: “done”, lowerBound: 400, upperBound:        500}    -   {uuid: 42, partitionPhase: “done”, lowerBound: 500, upperBound:        600}        the ranges for all partitions may be combined where possible,        thereby resulting in two combined partition ranges [0, 300] and        [400, 600].

Various embodiments as discussed herein may be implemented on variousdatabase and storage systems. FIG. 15 shows a block diagram of adistributed database system in which various embodiments may beimplemented. In particular, FIG. 15 shows an example of a databasesubsystem 700 that may be implemented in cloud storage system (and/or alocal storage system). The database subsystem 700 is one exampleimplementation of all or any portion of the database management systemshown by way of example in FIG. 1 . The database subsystem 200 includesan interface 702 for sending and receiving information (includingdatabase requests and responses thereto) to router processes, databaseclients, or other components or entities in the system. In oneembodiment, the backend architecture is configured to interact with anydata model provided by a managed database. For example, the manageddatabase can include a non-relational data model. In another embodiment,the data model can be implemented in the form of replica sets asdescribed in U.S. patent application Ser. No. 12/977,563, which ishereby incorporated by reference in its entirety. The database subsystem700 includes a storage application. In one implementation described ingreater detail below, a base unit of data is a document.

In some embodiments, a storage application programming interface (API)708 receives database requests, including requests to perform read andwrite operations. When a write operation is requested, the storage API708 in response selectively triggers a first storage engine 704 or asecond storage engine 706 configured to store data in a first dataformat or second data format, respectively, in node 710. As discussed inmore detail below, a database monitor 711 may track a number ofanalytics about the database. In some embodiments, the database monitor711 is configured to track the operations performed on the data overtime, and stores that information as analytics data 713. In someexamples, analytic data may be stored in a separate database. In otherexamples, the analytics data is stored as a name collection (i.e., alogical grouping of data). These analytics may be provided to thestorage API 708, which relies on the analytics to selectively actuate anappropriate storage engine. In further embodiments, although multiplestorage engines are provided, not all storage engines may operate withsnapshots. Responsive to a command execution that includes operationsinvolving snapshots, the system may force use of a particular storageengine or alternatively provide error information that the currentstorage engine does not support the functionality. Thus, the system canbe configured to check capability of storage engines to support certainfunctions (e.g., snapshot read functions) and report on the same to endusers.

In one example, the database monitor 711 tracks the relative number ofread and write operations performed on a collection within the database.In another example, the database monitor 711 is configured to track anyoperations (e.g., reads, writes, etc.) performed on any base unit ofdata (e.g., documents) in the database.

In some embodiments, the storage API 708 uses the tracked data (e.g.,analytics data) collected by the database monitor 711 and/or theanalytics data 713 to select an optimal storage engine for a database, acollection, or a document having the observed read/write ratio. In oneexample, the storage API 708 is mapped to the selected storage engine.For example, an identifier of the selected storage engine may be storedin a location in memory or on disk; when a write operation request isreceived by the storage API 708, the identifier is used to identify andactivate the storage engine. Alternatively, elements of the database canspecify a mapping or association with a storage engine that can bemanually edited, edited through an administrative interface, orautomatically changed responsive to system monitoring. In otherembodiments, the database monitor 711 itself is configured to determinean optimal storage engine based on the analytics data 713 and otheraspects of the data, for example, stored in the database, databasecollection, or in a document. This determination may be passed to thestorage API 708, or otherwise used to map the storage API 708 to adetermined storage engine.

The storage API 708 receives database write requests (e.g., from adatabase API (not shown)) via a network interface 707, and carries outthe requested operations by selectively triggering one of the firststorage engine 704 and the second storage engine 706. The first storageengine 704 and the second storage engine 706 are executable softwaremodules configured to store database data in the data node 710 in aparticular data format. For example, the first storage engine 704 may beconfigured to store data in a row-store format, and the second storageengine 706 may be configured to store data in a LSM-tree format. In oneexample, the first storage engine 704 and/or the second storage engine706 are configured store primary database data (i.e., the data beingstored and queried) in a particular data format in the primary datamemory 712 and may store database index data in a particular data formatin index data memory 714. In one embodiment, the first storage engine704 and/or the second storage engine 706 are configured store anoperation log (referred to as an “oplog”) 716 in a particular dataformat. As discussed in more detail below, a database monitor 711 maytrack a number of analytics about the database, and the operationsperformed on it over time, and stores that information as analytics data713.

One advantage of using the storage API 708 as an abstraction layerbetween the database API and the storage engines is that the identityand selection of a particular storage engine can be transparent to thedatabase API and/or a user interacting with the database API. Forexample, the database API may pass a “write” function call to thestorage API 708 instructing the storage API to write a particular set ofdata to the database. The storage API 108 then determines, according toits own analysis and/or user input, which storage engine should performthe write operation. Different storage engines may be appropriate fordifferent types of data stored in different collections that may undergoa variety of different operations. Thus, the choice and implementationof calls to an appropriate storage engine are made by the API 708,freeing the database API calls to simply request a “write” of certaindata. This abstraction level allows for the implementation of the systemon large filesystems that may be stored across machines in a databasecluster, such as the Hadoop Filesystem offered by the Apache SoftwareFoundation.

Another advantage of using the storage API 708 is the ability to add,remove, or modify storage engines without modifying the requests beingpassed to the API 708. The storage API 708 is configured to identify theavailable storage engines and select the appropriate one based on one ormore factors discussed below. The database API requesting writeoperations need not know the particulars of the storage engine selectionor operation, meaning that storage engines may be embodied in pluggablemodules that may be swapped out or modified. Thus, users are able toleverage the same query language, data model, scaling, security andoperational tooling across different applications, each powered bydifferent pluggable storage engines.

The embodiment shown and discussed with respect to FIG. 15 depicts asingle database node 710. Yet in some embodiments, multiple databasenodes may be provided and arranged in a replica set. FIG. 16 shows ablock diagram of an exemplary replica set 800. Replica set 800 includesa primary node 802 and one or more secondary nodes 808 and 810, each ofwhich is configured to store a dataset that has been inserted into thedatabase. The primary node 802 may be configured to store all of thedocuments currently in the database and may be considered and treated asthe authoritative version of the database in the event that anyconflicts or discrepancies arise, as will be discussed in more detailbelow. While two secondary nodes 808, 810 are depicted for illustrativepurposes, any number of secondary nodes may be employed, depending oncost, complexity, and data availability requirements. In a preferredembodiment, one replica set may be implemented on a single server. Inother embodiments, the nodes of the replica set may be spread among twoor more servers.

The primary node 802 and secondary nodes 808, 810 may be configured tostore data in any number of database formats or data structures as areknown in the art. In a preferred embodiment, the primary node 802 isconfigured to store documents or other structures associated withnon-relational databases. The embodiments discussed herein relate todocuments of a document-based database, such as those offered byMongoDB, Inc. (of New York, New York and Palo Alto, California), butother data structures and arrangements are within the scope of thedisclosure as well.

In some embodiments, the replica set primary node 802 only accepts writerequests (disallowing read requests) from client systems 804, 806 andthe secondary nodes 808, 810 only accept reads requests (disallowingwrite requests) from client systems 804, 806. In such embodiments, theprimary node 802 receives and processes write requests against thedatabase, and replicates the operation/transaction asynchronouslythroughout the system to the secondary nodes 808, 810. In one example,the primary node 802 receives and performs client write operations andgenerates an oplog. Each logged operation is replicated to, and carriedout by, each of the secondary nodes 808, 810, thereby bringing thosesecondary nodes into synchronization with the primary node 802. In someembodiments, the secondary nodes 808, 810 may query the primary node 802to receive the operation log and identify operations that need to bereplicated. In other embodiments, the operation log may be transmittedfrom the primary node 802 to the secondary nodes 808, 810 periodicallyor in response to the occurrence of a predefined condition, such asaccruing a threshold number of operations in the operation log that havenot yet been sent to the secondary nodes 808, 810. Other implementationscan be configured to provide different levels of consistency, and, forexample, by restricting read requests. According to one embodiment, readrequests can be restricted to systems having up to date data, readrequests can also in some settings be restricted to primary systems,among other options.

In some embodiments, both read operations may be permitted at any node(including primary node 802 or secondary nodes 808, 810) and writeoperations limited to primary nodes in response to requests fromclients. The scalability of read operations can be achieved by addingnodes and database instances. In some embodiments, the primary node 802and/or the secondary nodes 808, 810 are configured to respond to readoperation requests by either performing the read operation at that nodeor by delegating the read request operation to another node (e.g., aparticular secondary node 808). Such delegation may be performed basedon load-balancing and traffic direction techniques. In otherembodiments, read distribution can be managed based on a respectivesnapshot available at various nodes within a distributed database. Forexample, the system can determine based on analyzing client requesteddata what snapshot is associated with the requested data and what nodehosts the respective data or snapshot that can be used to provide therequested data. In one example, a data routing processor accessesconfiguration files for respective replica sets to determine what nodecan respond to a data request, and further analysis of respectivesnapshots can determine, for example, what node within a replica setneeds to be accessed.

In some embodiments, the primary node 802 and the secondary nodes 808,810 may operate together to form a replica set 800 that achieveseventual consistency, meaning that replication of database changes tothe secondary nodes 808, 810 may occur asynchronously. When writeoperations cease, all replica nodes of a database will eventually“converge,” or become consistent. The eventually consistent modelprovides for a loose form of consistency.

Other example implementations can increase the strength of consistency,and for example, can include monotonic read consistency (no out of orderreads). Eventual consistency may be a desirable feature where highavailability is important, such that locking records while an update isstored and propagated is not an option. In such embodiments, thesecondary nodes 808, 810 may handle the bulk of the read operations madeon the replica set 800, whereas the primary node 808, 810 handles thewrite operations. For read operations where a high level of accuracy isimportant (such as the operations involved in creating a secondarynode), read operations may be performed against the primary node 802. Insome embodiments, replica set 800 can be configured to perform accordingto a single writer eventually consistent model.

It will be appreciated that the difference between the primary node 802and the one or more secondary nodes 808, 810 in a given replica set maybe largely the designation itself and the resulting behavior of thenode; the data, functionality, and configuration associated with thenodes may be largely identical, or capable of being identical (e.g.,secondary nodes can be elevated to primary nodes in the event offailure). Thus, when one or more nodes within a replica set 800 fail orotherwise become available for read and/or write operations, other nodesmay change roles to address the failure. For example, if the primarynode 802 were to fail, a secondary node 808 may assume theresponsibilities of the primary node, allowing operation of the replicaset to continue through the outage. This failover functionality isdescribed in U.S. application Ser. No. 12/977,563, the disclosure ofwhich is hereby incorporated by reference in its entirety.

Each node in the replica set 800 may be implemented on one or moreserver systems. Additionally, one server system can host more than onenode. Each server can be connected via a communication device to anetwork, for example the Internet, and each server can be configured toprovide a heartbeat signal notifying the system that the server is upand reachable on the network. Sets of nodes and/or servers can beconfigured across wide area networks, local area networks, intranets,and can span various combinations of wide area, local area and/orprivate networks. Various communication architectures are contemplatedfor the sets of servers that host database instances and can includedistributed computing architectures, peer networks, virtual systems,among other options.

The primary node 802 may be connected by a LAN, a WAN, or otherconnection to one or more of the secondary nodes 808, 810, which in turnmay be connected to one or more other secondary nodes in the replica set800. Connections between secondary nodes 808, 810 may allow thedifferent secondary nodes to communicate with each other, for example,in the event that the primary node 802 fails or becomes unavailable anda secondary node must assume the role of the primary node.

According to one embodiment, a plurality of nodes (e.g., primary nodesand/or secondary nodes) can be organized in groups of nodes in whichdata is stored and replicated across the nodes of the set. Each groupcan be configured as a replica set. In another embodiment, one or morenodes are established as primary nodes that host a writable copy of thedatabase. Each primary node can be responsible for a portion of thedatabase, e.g. a database shard. Database sharding breaks up sections ofthe database into smaller portions based on, for example, ranges of thedata. In some implementations, database sharding facilitates scaling aprimary-secondary architecture over a large number of nodes and/or largedatabase implementations. In one embodiment, each database shard has oneprimary node which replicates its data to its secondary nodes. Databaseshards can employ location preferences. For example, in a database thatincludes user records, the majority of accesses can come from specificlocations. Migrating a shard primary node to be proximate to thoserequests can improve efficiency and response time. For example, if ashard for user profile includes address information, shards can be basedon ranges within the user profiles, including address information. Ifthe nodes hosting the shard and/or the shard primary node are locatedproximate to those addresses, improved efficiency can result, as one mayobserve the majority of requests for that information to come fromlocations proximate to the addresses within the shard.

An example of a database subsystem 900 incorporating a replica set 410is shown in FIG. 17 . As can be seen, database subsystem 900incorporates many of the elements of database subsystem 700 of FIG. 15including the network interface 702, the storage engines 704, 706, thestorage API 708, the database monitor 711, and the analytics database712. Relative to the database subsystem 700 shown in FIG. 15 , thedatabase subsystem 900 replaces the single node 710 with a replica set910 comprising primary node 920 and secondary nodes 930 and 940. In oneexample, the replica set 910 functions in much the same manner as thereplica set 800 discussed with respect to FIG. 16 . While only twosecondary nodes 930 and 940 are shown for illustrative purposes, it willbe appreciated that the number of secondary nodes may be scaled up ordown as desired or necessary.

In one example, database operation requests directed to the replica set910 may be processed by the primary node 920 and either performed by theprimary node 920 or directed to a secondary node 930, 940 asappropriate. In one embodiment, both read and write operations arepermitted at any node (including primary node 920 or secondary nodes930, 940) in response to requests from clients. The scalability of readoperations can be achieved by adding nodes and database instances. Insome embodiments, the primary node 920 and/or the secondary nodes 930,940 are configured to respond to read operation requests by eitherperforming the read operation at that node or by delegating the readrequest operation to another node (e.g., a particular secondary node930). Such delegation may be performed based on various load-balancingand traffic direction techniques.

In some embodiments, the database only allows write operations to beperformed at the primary node 920, with the secondary nodes 930, 940disallowing write operations. In such embodiments, the primary node 920receives and processes write requests against the database, andreplicates the operation/transaction asynchronously throughout thesystem to the secondary nodes 930, 940. In one example, the primary node920 receives and performs client write operations and generates anoplog. Each logged operation is replicated to, and carried out by, eachof the secondary nodes 930, 940, thereby bringing those secondary nodesinto synchronization with the primary node 920 under aneventual-consistency model.

In one example, primary database data (i.e., the data being stored andqueried) may be stored by one or more data storage engines in one ormore data formats in the primary data memory 922, 932, 942 of nodes 920,930, 940, respectively. Database index data may be stored by one or moredata storage engines in one or more data formats in the index datamemory 924, 934, 944 of nodes 920, 930, 940, respectively. Oplog datamay be stored by a data storage engine in a data format in oplog datamemory 926 of node 920.

In some embodiments, logging for interaction with source and destinationclusters as well as the internal status change may be used inside areplicator. In some embodiments, a fatal level logs all the scenariosthat cause the termination of the process. In some embodiments, errorlevel logs unexpected responses or status change regardless if it'sfatal or recoverable. In some embodiments, internal status change andmigration progress are tracked on an information level. When there is aDDL operation, some embodiments record the event itself as well as theoperation sent to the destination. On the debug level, some embodimentslog information that may be helpful to the debugging such as queue size,batch size, each writer's status, connection status, etc. On a trace loglevel, some embodiments log any request/response body with a driverexcept content of the migration data.

In some embodiments, a globalStateDoc will be inserted by one of themongosyncs to the destination cluster. In some embodiments, themongosync that successfully performs the insert is recognized as thecoordinator. In some embodiments, the GlobalStateDoc will exist even inthe single replica set configuration. In some embodiments, the singlereplicator will always become the coordinator to avoid having branchingbehavior between the single and multiple replicator configuration cases.In some embodiments, the globalStateDoc will include the followingfields:

-   -   _id: <string>: “globalStateDoc”    -   ChangeStreamTS: <Timestamp> The timestamp to start        ChangeEventApplication    -   Coordinator: <string> The id of the coordinator mongosync    -   Replicator: <Subdocument representing list of mongosync ids> A        list of ids of every mongosync in the current configuration        (including the coordinator). In some embodiments, this field        will have a single entry (just the coordinator) in the single        replicator case and will have shardlds in the multiple        replicator case.    -   reversible: <bool> An indicator of whether or not a particular        C2C replication is reversible. In some embodiments, this field        is set by passing in the value in the/start command, and may not        be changed mid-replication.

In some embodiments, mongosyncs rely on the GlobalStateDoc to gatherinformation about the global replicator configuration on failoverrecovery. In an exemplary configuration, only the coordinator is allowedto write to this document.

FIG. 18 is a flow diagram of an exemplary embodiment of a method 1800 toreplicate data from a source database cluster to a destination databasecluster with a plurality of replicators. In step 1802, data isreplicated by a first replicator from a first subset of a sourcedatabase cluster to a destination database cluster. In step 1804, datais replicated by a second replicator from a second subset of the sourcedatabase cluster to the destination database cluster. In someembodiments, steps 1802 and 1804 are executed at least partially inparallel. In some embodiments, data is replicated by a finite number ofreplicators wherein each replicator replicates data from a correspondingsubset of the source database cluster to the destination data basecluster. In some embodiments, the replicating of data by the replicatorsfrom respective subsets of the source database cluster to thedestination databased cluster is done at least partially in parallel.

In some embodiments, each replicator monitors an associated changestream comprising data indicative of a change of data in an associatedsubset of the source database cluster and translate the change of datato database operations to be performed to the destination databasecluster. In some embodiments, each replicator replicates an index ofdata as a non-unique index from the source database cluster while itreplicates data from the source database cluster to the destinationdatabase cluster. In some embodiments, each replicator converts anon-unique index to a unique index after its own replication as well asthe replications of one or more other replicators are committed.

FIG. 19 is a flow diagram of an exemplary embodiment of a method 1900 toreplicate data from a source database cluster to a destination databasecluster with a plurality of replicators. In step 1902, a firstreplicator executes one or more first operations to replicate one ormore associated partitions of data from the source database cluster tothe destination database cluster. In step 1904, the first replicatormonitors a respective change stream comprising data indicative of achange of data in the one or more partitions associated with the firstreplicator. In step 1906, the first replicator executes one or moresecond operations to translate the change of data to one or moredatabase operations to be performed to the destination database cluster.In some embodiments, the execution of the first operations to replicateassociated one or more partitions of data is interleaved with theexecution of the second operations to translate the change of data toone or more data base operations.

In step 1908, a second replicator executes one or more first operationsto replicate one or more associated partitions of data from the sourcedatabase cluster to the destination database cluster. In step 1910, thesecond replicator monitors a respective change stream comprising dataindicative of a change of data in the one or more partitions associatedwith the second replicator. In step 1912, the second replicator executesone or more second operations to translate the change of data to one ormore database operations to be performed to the destination databasecluster.

In some embodiments, the first replicator copies data from a firstsubset of the source database cluster to the destination databasecluster and a second replicator copies data from a second subset of thesource database cluster to the destination database cluster. In someembodiments, the copying of data from a respective subset of the sourcedatabase cluster to the destination database cluster by the first andsecond replicators is done at least partially in parallel. In someembodiments, each replicator is configured to provide a secondreplication pathway, independent of a first replication architectureoperating on the source database cluster.

The terms “program” or “software” are used herein in a generic sense torefer to any type of computer code or set of processor-executableinstructions that can be employed to program a computer or otherprocessor to implement various aspects of embodiments as discussedabove. Additionally, it should be appreciated that according to oneaspect, one or more computer programs that when executed perform methodsof the disclosure provided herein need not reside on a single computeror processor, but may be distributed in a modular fashion amongdifferent computers or processors to implement various aspects of thedisclosure provided herein.

Processor-executable instructions may be in many forms, such as programmodules, executed by one or more computers or other devices. Generally,program modules include routines, programs, objects, components, datastructures, etc. that perform particular tasks or implement particularabstract data types. Typically, the functionality of the program modulesmay be combined or distributed as desired in various embodiments.

Also, data structures may be stored in one or more non-transitorycomputer-readable storage media in any suitable form. For simplicity ofillustration, data structures may be shown to have fields that arerelated through location in the data structure. Such relationships maylikewise be achieved by assigning storage for the fields with locationsin a non-transitory computer-readable medium that convey relationshipbetween the fields. However, any suitable mechanism may be used toestablish relationships among information in fields of a data structure,including through the use of pointers, tags or other mechanisms thatestablish relationships among data elements.

Also, various inventive concepts may be embodied as one or moreprocesses, of which examples (e.g., the processes described withreference to figures and functions above, the various system components,analysis algorithms, processing algorithms, etc.) have been provided.The acts performed as part of each process may be ordered in anysuitable way. Accordingly, embodiments may be constructed in which actsare performed in an order different than illustrated, which may includeperforming some acts simultaneously, even though shown as sequentialacts in illustrative embodiments.

Additionally, and/or alternatively, various inventive concepts may beembodied as one or more processes, of which examples (e.g., theprocesses described with reference to figures and functions above, thevarious system components, analysis algorithms, processing algorithms,etc.) have been provided. The acts performed as part of each process maybe ordered in any suitable way. Accordingly, embodiments may beconstructed in which acts are performed in an order different thanillustrated, which may include performing some acts simultaneously, eventhough shown as sequential acts in illustrative embodiments.

All definitions, as defined and used herein, should be understood tocontrol over dictionary definitions, and/or ordinary meanings of thedefined terms. As used herein in the specification and in the claims,the phrase “at least one,” in reference to a list of one or moreelements, should be understood to mean at least one element selectedfrom any one or more of the elements in the list of elements, but notnecessarily including at least one of each and every elementspecifically listed within the list of elements and not excluding anycombinations of elements in the list of elements. This definition alsoallows that elements may optionally be present other than the elementsspecifically identified within the list of elements to which the phrase“at least one” refers, whether related or unrelated to those elementsspecifically identified. Thus, as a non-limiting example, “at least oneof A and B” (or, equivalently, “at least one of A or B,” or,equivalently “at least one of A and/or B”) can refer, in one embodiment,to at least one, optionally including more than one, A, with no Bpresent (and optionally including elements other than B); in anotherembodiment, to at least one, optionally including more than one, B, withno A present (and optionally including elements other than A); in yetanother embodiment, to at least one, optionally including more than one,A, and at least one, optionally including more than one, B (andoptionally including other elements); etc.

The phrase “and/or,” as used herein in the specification and in theclaims, should be understood to mean “either or both” of the elements soconjoined, i.e., elements that are conjunctively present in some casesand disjunctively present in other cases. Multiple elements listed with“and/or” should be construed in the same fashion, i.e., “one or more” ofthe elements so conjoined. Other elements may optionally be presentother than the elements specifically identified by the “and/or” clause,whether related or unrelated to those elements specifically identified.Thus, as a non-limiting example, a reference to “A and/or B”, when usedin conjunction with open-ended language such as “comprising” can refer,in one embodiment, to A only (optionally including elements other thanB); in another embodiment, to B only (optionally including elementsother than A); in yet another embodiment, to both A and B (optionallyincluding other elements); etc.

Use of ordinal terms such as “first,” “second,” “third,” etc., in theclaims to modify a claim element does not by itself connote anypriority, precedence, or order of one claim element over another or thetemporal order in which acts of a method are performed. Such terms areused merely as labels to distinguish one claim element having a certainname from another element having a same name (but for use of the ordinalterm).

The phraseology and terminology used herein is for the purpose ofdescription and should not be regarded as limiting. The use of“including,” “comprising,” “having,” “containing”, “involving,” andvariations thereof, is meant to encompass the items listed thereafterand additional items.

Having described several embodiments of the techniques described hereinin detail, various modifications, and improvements will readily occur tothose skilled in the art. Such modifications and improvements areintended to be within the spirit and scope of the disclosure.Accordingly, the foregoing description is by way of example only, and isnot intended as limiting. The techniques are limited only as defined bythe following claims and the equivalents thereto.

1. A system comprising: a plurality of replicators coupled to a sourcedatabase cluster and a destination database cluster; and at least oneprocessor configured to cause the plurality of replicators to replicatedata on the source database cluster to the destination database cluster,wherein each of the source database cluster and the destination databasecluster is a shard cluster comprising multiple shard servers hostingmultiple shards of data; wherein: each of the plurality of replicatorsis configured to replicate data on a respective subset of the sourcedatabase cluster to the destination database cluster; and a firstreplicator of the plurality of replicators is configured to replicatedata from a first subset of the source database cluster to thedestination database cluster at least partially in parallel with asecond replicator of the plurality of replicators replicating data froma second subset of the source database cluster to the destinationdatabase cluster.
 2. The system of claim 1, wherein each replicator ofthe plurality of replicators is configured to: monitor a respectiveassociated change stream comprising data indicative of a change of datain the subset of the source database cluster associated with thereplicator; and translate the change of data to one or more databaseoperations to be performed to the destination database cluster.
 3. Thesystem of claim 1, wherein each replicator of the plurality ofreplicators is configured to provides a second replication pathway,independent of a first replication architecture operating on the sourcedatabase cluster.
 4. The system of claim 3, wherein the firstreplication architecture includes: a primary node hosting data of thesource cluster and secondary nodes hosting copies of the primary nodedata, wherein the primary node accepts and processes write operationsagainst the hosted data of the source cluster, and maintains anoperation log reflecting changes to the hosted data of the sourcecluster, and wherein the secondary nodes maintain consistency in thehosted copies of the primary node data base on executing operations fromthe operation log.
 5. The system of claim 2, wherein: a first changestream associated with the first replicator corresponds to a firstsubset of shards in the source database cluster; and a second changestream associated with the second replicator corresponds to a secondsubset of shards in the source database cluster, the second subset ofshards being different from the first subset of shards.
 6. The system ofclaim 1, wherein: each of the plurality of replicators is furtherconfigured to replicate indexes of data from the source database clusterwhile replicating the data from the source database cluster to thedestination database cluster; and the at least one processor is furtherconfigured to: cause each of the first replicator and the secondreplicator to replicate the indexes as non-unique indexes; and convertthe non-unique index to unique indexes when replications of theplurality of replicators including the at least the first and secondreplicators are committed.
 7. The system of claim 6, wherein the atleast one processor is further configured to: determine whether aviolation of indexes exists; and in response to determining that aviolation of indexes exists, output or cause to output a reportcomprising the violation on a user device.
 8. The system of claim 1,wherein the at least one processor is further configured to: cause theplurality of replicators to suspend operation of replicating data fromthe source database cluster to the destination database cluster; andcause the plurality of replicators to resume replicating data from thesource database cluster to the destination database cluster at where thesuspended operation of replicating left off.
 9. The system of claim 1,wherein the at least one processor is further configured to: receiveuser command to reverse replication; and cause the plurality ofreplicators to reverse replication by replicating data from thedestination database cluster to the source database cluster.
 10. Thesystem of claim 9, wherein the at least one processor is furtherconfigured to: determine whether replication of data from the sourcedatabase cluster to the destination database cluster is committed beforecausing the plurality of replicators to reverse replication; and inresponse to determining that the replication of data from the sourcedata cluster to the destination database cluster is committed, causingthe plurality of replicators to reverse replication.
 11. The system ofclaim 1, wherein the at least one processor is further configured to:cause the plurality of replicators to perform initial replication ofdata from the source database cluster to the destination databasecluster; and after the initial replication of data from the sourcedatabase cluster to the destination database cluster is completed, causethe plurality of replicators to continue replicating data from thesource database cluster to the destination database cluster based onsubsequent data change on the source database cluster.
 12. The system ofclaim 1, wherein: the destination database cluster comprises a laststate for each document in the destination database cluster, the laststate storing data about a most recently change to the document; andeach of the plurality of replicators is further configured to: detect achange event to a document; retrieve the last state associated with thedocument; and determine whether to apply the change event to thedocument based on the last state and a time the change event occurred.13. The system of claim 12, wherein: each of the plurality ofreplicators is further configured to, when applying a change to adocument, update the last state for the document to which the change isapplied.
 14. A method for replicating data from a source databasecluster to a destination database cluster with a plurality ofreplicators comprising: replicating data on the source database clusterto the destination database cluster with the plurality of replicatorscomprising: replicating data from a first subset of the source databasecluster to the destination database cluster with a first replicator ofthe plurality of replicators; and replicating data from a second subsetof the source database cluster to the destination database cluster witha second replicator of the plurality of replicators at least partiallyin parallel with the replicating data from the first subset of thesource database cluster to the destination database cluster with thefirst replicator of the plurality of replicators.
 15. The method ofclaim 14 further comprising: monitoring a respective associated changestream comprising data indicative of a change of data in the subset ofthe source database cluster associated with the first replicator; andtranslating the change of data to one or more database operations to beperformed to the destination database cluster.
 16. The method of claim14 further comprising: replicating indexes of data from the sourcedatabase cluster while replicating the data from the source databasecluster to the destination database cluster; causing each of the firstreplicator and the second replicator to replicate the indexes asnon-unique indexes; and converting at least one index of the non-uniqueindexes to a unique index when replications of the plurality ofreplicators including the at least the first and second replicators arecommitted.
 17. The method of claim 16 further comprising: determinewhether a violation of indexes exists; and in response to determiningthat a violation of indexes exists, output or cause to output a reportcomprising the violation on a user device.
 18. The method of claim 14further comprising: suspending operation of replicating data from thesource database cluster to the destination database cluster; andreplicating data from the source database cluster to the destinationdatabase cluster at where the suspended operation of replicating leftoff.
 19. The method of claim 14 further comprising: receiving usercommand to reverse replication; and reversing replication by replicatingdata from the destination database cluster to the source databasecluster.
 20. The method of claim 19 further comprising: determiningwhether replication of data from the source database cluster to thedestination database cluster is committed before reversing replication;and in response to determining that the replication of data from thesource data cluster to the destination database cluster is committed,reversing replication.